The Commons International Trade Select Committee today has politely and clearly signalled that the shift in data protection provisions put forward in the Japan-UK Trade Deal is meaningful. But the impact remains unclear.
The Committee’s report recognises the impact of the changes on data protection and on other digital matters which Open Rights Group has raised, including algorithmic transparency and technical protection measures. On data policy, they are proposing a specific further inquiry, which can only be welcomed.
The biggest concern, for both Open Rights Group and the Committee, are the clauses on data flows, which would appear to foresee a move away from the current European rights-based adequacy system. This system requires the UK to verify the safeguards guaranteed by a trade partner nation’s data protection laws before allowing easy data transfers to take place.
Separately, yesterday, we raised these concerns with officials from the Department of Trade and DCMS. We asked whether the provisions on data flows, and the limitations set forth in Article 80.84 which the EU refused to include, represented any danger or change to the current system.
The answer we got was that DIT and DCMS believe that our current adequacy system will continue, and is not under any threat. Rather, they view the provisions as a “signal” to “build a coalition of like-minded countries”. They asserted this will hold true even if the UK signs up to the Comprehensive and Progressive Agreement for Trans-Pacific Partnership.
This makes little sense, for several reasons:
- Treaties are legally binding documents with legal effects; they are not for policy messages
- Many scholars are concerned by the data flow provisions in CPTPP precisely because they jeopardise adequacy systems viewed as too restrictive
- The EU refused to agree to data flows clauses in their own Japan trade deal because of the potential for challenges to the adequacy system
- Government cannot have its cake and eat it too by claiming that nothing will change, yet data flows will improve.
So far, Government has not offered any legal analysis, impact assessment, or evidence of how they arrived at the adoption of these provisions. These processes would help us to understand why negotiators feel they are in the UK’s interest, and how the UK intends to support existing adequacy arrangements in the event of a trade dispute bringing them into question. The paucity of Government’s analysis, which gives no information about these processes, can be felt in today’s Commons report. Rather than comparing public Government statements with witness evidence, the Committee relies heavily on witness evidence to explore the impacts.
To have any sensible discussion on the impacts of the UK-Japan trade deal on data protection, Government needs to set out their reasoning and their evidence.
It is worth looking at the Committee’s response on this in full.
35. The main area in which CEPA differs from JEEPA is its provisions relating to digital trade and data. We heard that these provisions are ambitious and compare with provisions put forward in the US’s digital trade agreement with Japan. We also heard that the provisions are significant in terms of precedent-setting for future agreements. We plan to undertake a separate piece of work looking at the Government’s approach to digital and data provisions in Free Trade Agreements.
36. The Government has indicated that the Agreement’s digital and data provisions go beyond JEEPA on …cross-border data flows / free movement of data (Article 8.84) [and through] ban on data localisation requirements (Article 8.85)
37. Some provisions also go beyond CPTPP, for instance on protection of source code (specifically, algorithms) (Article 8.73). Issues of privacy and data protection are also addressed in the Agreement (Article 8.80).
38. Witnesses from the technology and services sectors strongly welcomed the digital and data provisions on the Agreement. However, other evidence we received suggests that CEPA marks an unwelcome shift away from the EU’s approach to data protection and could affect the EU’s adequacy decision in respect of the UK. Others, however, are of the view that the EU regime is restrictive, and possibly even protectionist, in this regard. We also heard concerns that the provisions relating to cross-border data flows, and banning requirements in relation to data localisation and access to source code could have negative implications for the NHS. Our evidence also raised issues concerning algorithm accountability in light of recent controversy around the potential for bias and unfairness in algorithms used by automated decision-making systems.
39. It has been pointed out to us in evidence that consultation by the Government on its digital trade policy has been limited. Only business interests are represented on DIT’s Telecoms and technology Trade Advisory Group; and other stakeholders, such as consumer groups, trade unions and policy experts, have had limited opportunities to put their views forward.
Parliament has been placed into an extraordinarily weak position regarding trade. It has no influence on the negotiating mandate, and is given no sight of negotiating documents before they are signed. It is unclear how votes on agreements are forced. On top of that, Government’s information and explanation of its strategy is limited to broad statements and press releases.
The Government is showing a knack for preventing meaningful discussion of very significant policy changes which could require UK data protection to change for the worse. Parliament needs to flex its muscles.
This report is a useful step; we would urge that they demand much more analysis and justification from the Government. There is a great deal at stake.